chore(pip-prod)(deps): bump pyyaml from 6.0.1 to 6.0.2

Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES)
- [Commits](https://github.com/yaml/pyyaml/compare/6.0.1...6.0.2)

---
updated-dependencies:
- dependency-name: pyyaml
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.env.default

@@ -1,5 +1,8 @@
+APP_LIFECYCLE="dev"
+SENTRY_ENABLED="False"
+SENTRY_DSN=""
 ADMIN_EMAIL=""
 ADMIN_FIRST_NAME=""
 BOT_NAME=""
 N8N_WEBHOOK_URL=""
-WEBEX_API_KEY=""
+WEBEX_API_KEY=""

.github/CODEOWNERS

@@ -0,0 +1 @@
+*   @luketainton

.github/dependabot.yml

@@ -0,0 +1,44 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    assignees:
+      - "luketainton"
+    # reviewers:
+      # - "luketainton"
+    commit-message:
+      prefix: "chore(actions)"
+      include: "scope"
+    labels:
+      - "dependencies"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    assignees:
+      - "luketainton"
+    # reviewers:
+      # - "luketainton"
+    commit-message:
+      prefix: "chore(docker)"
+      include: "scope"
+    labels:
+      - "dependencies"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    assignees:
+      - "luketainton"
+    # reviewers:
+      # - "luketainton"
+    commit-message:
+      prefix: "chore(pip-prod)"
+      prefix-development: "chore(pip-dev)"
+      include: "scope"
+    labels:
+      - "dependencies"

.github/renovate.json

@@ -1,47 +1,47 @@
 {
+  "assignAutomerge": true,
+  "assigneesFromCodeOwners": true,
+  "baseBranches": [
+    "main"
+  ],
+  "dependencyDashboardAutoclose": true,
   "extends": [
     "config:base",
     ":semanticCommits",
     ":semanticCommitTypeAll(fix)"
   ],
-  "baseBranches": [
-    "next"
-  ],
-  "platformCommit": true,
-  "dependencyDashboardAutoclose": true,
-  "assignAutomerge": true,
-  "assigneesFromCodeOwners": true,
-  "rebaseWhen": "behind-base-branch",
-  "rollbackPrs": true,
   "labels": [
     "dependencies"
   ],
   "packageRules": [
     {
+      "labels": [
+        "linting"
+      ],
       "matchPackagePatterns": [
         "black",
         "pylint"
-      ],
-      "labels": [
-        "linting"
       ]
     },
     {
+      "labels": [
+        "unit-tests"
+      ],
       "matchPackagePatterns": [
         "coverage",
         "pytest"
-      ],
-      "labels": [
-        "unit-tests"
       ]
     }
   ],
+  "platformCommit": true,
+  "rebaseWhen": "behind-base-branch",
+  "rollbackPrs": true,
   "vulnerabilityAlerts": {
+    "commitMessagePrefix": "[SECURITY] ",
     "enabled": true,
     "labels": [
       "security"
     ],
-    "commitMessagePrefix": "[SECURITY] ",
     "prCreation": "immediate"
   }
-}
+}

.github/workflows-old/release.yml

@@ -0,0 +1,64 @@
+name: Build
+on:
+  push:
+    branches: [main]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    outputs:
+      new_tag: ${{ steps.tag_version.outputs.new_tag }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Bump version and push tag
+        id: tag_version
+        uses: mathieudutour/github-tag-action@v6.2
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          default_bump: minor
+      - name: Create a GitHub release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.tag_version.outputs.new_tag }}
+          name: ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+          generateReleaseNotes: true
+
+  publish:
+    name: GitHub Container Registry
+    runs-on: ubuntu-latest
+    needs: release
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Login to GitHub Container Registry
+        run: echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
+      - name: Build image for GitHub Package Registry
+        run: |
+          docker build . --file Dockerfile \
+          --build-arg "version=${{ needs.release.outputs.new_tag }}" \
+          --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }} \
+          --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+      - name: Push image to GitHub Package Registry
+        run: |
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }}
+
+  # deploy:
+  #   name: Update Portainer Deployment
+  #   runs-on: ubuntu-latest
+  #   needs: publish
+  #   steps:
+  #     - uses: fjogeleit/http-request-action@v1
+  #       with:
+  #         url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
+  #         method: POST
+  #         timeout: 60000
+  #         preventFailureOnNoResponse: "true"

.github/workflows/ci.yml

@@ -6,16 +6,13 @@ on:
       - "README.md"
       - "LICENSE.md"
       - ".gitignore"
-      - "CODEOWNERS"
-      - "renovate.json"
+      - ".github/CODEOWNERS"
+      - ".github/renovate.json"
+      - ".github/dependabot.yml"
 
 jobs:
-  pythonci:
-    uses: luketainton/gha-workflows/.github/workflows/ci-python.yml@main
-    secrets:
-      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-  
-  dockerci:
-    uses: luketainton/gha-workflows/.github/workflows/ci-docker.yml@main
+  ci:
+    uses: luketainton/gha-workflows/.github/workflows/ci-python-with-docker.yml@main
     secrets:
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.github/workflows/release.yml

@@ -1,51 +1,18 @@
-name: Build
+name: Release
 on:
-  push:
-    branches: [main]
+  workflow_dispatch:
+  schedule:
+    - cron: "0 9 * * 0"
 
 jobs:
-  release:
-    name: Release
-    runs-on: ubuntu-latest
-    outputs:
-      new_tag: ${{ steps.tag_version.outputs.new_tag }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Bump version and push tag
-        id: tag_version
-        uses: mathieudutour/github-tag-action@v6.1
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          default_bump: minor
-      - name: Create a GitHub release
-        uses: ncipollo/release-action@v1
-        with:
-          tag: ${{ steps.tag_version.outputs.new_tag }}
-          name: ${{ steps.tag_version.outputs.new_tag }}
-          body: ${{ steps.tag_version.outputs.changelog }}
-        
-  publish:
-    name: GitHub Container Registry
-    runs-on: ubuntu-latest
-    needs: release
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to GitHub Container Registry
-        run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin
-      - name: Build image for GitHub Package Registry
-        run: docker build . --file Dockerfile --tag ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }} --tag ghcr.io/luketainton/roboluke-tasks:latest
-      - name: Push image to GitHub Package Registry
-        run: |
-          docker push ghcr.io/luketainton/roboluke-tasks:latest
-          docker push ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }}
+  create_release:
+    name: Create Release
+    uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
 
-  deploy:
-    name: Update Portainer Deployment
-    runs-on: ubuntu-latest
-    steps:
-      - uses: fjogeleit/http-request-action@v1
-        with:
-          url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
-          method: POST
-          timeout: 30000
-          preventFailureOnNoResponse: 'true'
+  create_docker:
+    name: Create Docker Image
+    needs: create_release
+    if: ${{ needs.create_release.outputs.success == 'true' }}
+    uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main
+    with:
+        release: ${{ needs.create_release.outputs.release_name }}

.pre-commit-config.yaml

@@ -0,0 +1,60 @@
+fail_fast: false
+
+minimum_pre_commit_version: 3.8.0
+
+default_install_hook_types: [pre-commit, commit-msg]
+
+default_language_version:
+  python: python3.11
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+      - id: end-of-file-fixer
+      - id: requirements-txt-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+      - id: check-ast
+      - id: check-docstring-first
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-toml
+      - id: check-xml
+      - id: detect-private-key
+      - id: no-commit-to-branch
+      - id: requirements-txt-fixer
+      - id: name-tests-test
+        args: [--pytest-test-first]
+      - id: pretty-format-json
+        args: [--autofix]
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.5.6
+    hooks:
+      - id: ruff-format # Run the formatter.
+      - id: ruff # Run the linter.
+        args: [--fix]
+
+  - repo: https://github.com/pycqa/isort
+    rev: 5.13.2
+    hooks:
+      - id: isort
+
+  - repo: https://github.com/pre-commit/pygrep-hooks
+    rev: v1.10.0
+    hooks:
+      - id: python-use-type-annotations
+
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.17.0
+    hooks:
+      - id: pyupgrade
+
+  - repo: https://github.com/compilerla/conventional-pre-commit
+    rev: v3.4.0
+    hooks:
+      - id: conventional-pre-commit
+        stages: [commit-msg]

CODEOWNERS

@@ -1 +0,0 @@
-*   @luketainton

Dockerfile

@@ -15,4 +15,7 @@ RUN pip install --no-cache-dir -r requirements.txt
 
 ENTRYPOINT ["python3", "-B", "-m", "app.main"]
 
+ARG version="dev"
+ENV APP_VERSION=$version
+
 COPY app /run/app

app/commands/submit_task.py

@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 
 import logging
+import sentry_sdk
 
 from webex_bot.models.command import Command
 from webex_bot.models.response import Response, response_from_adaptive_card
@@ -113,7 +114,8 @@ class SubmitTaskCommand(Command):
                 Submit(title="Cancel", data={"command_keyword": "exit"}),
             ],
         )
-        return response_from_adaptive_card(card)
+        with sentry_sdk.start_transaction(name="submit_task_command"):
+            return response_from_adaptive_card(card)
 
 
 class SubmitTaskCallback(Command):
@@ -147,7 +149,8 @@ class SubmitTaskCallback(Command):
         )
 
     def execute(self, message, attachment_actions, activity) -> str:
-        return self.msg
+        with sentry_sdk.start_transaction(name="submit_task_callback"):
+            return self.msg
 
 
 class MyTasksCallback(Command):
@@ -158,11 +161,13 @@ class MyTasksCallback(Command):
         self.msg: str = ""
 
     def pre_execute(self, message, attachment_actions, activity) -> str:
-        return "Getting your tasks..."
+        with sentry_sdk.start_transaction(name="my_tasks_preexec"):
+            return "Getting your tasks..."
 
     def execute(self, message, attachment_actions, activity) -> str | None:
         sender: str = attachment_actions.inputs.get("sender")
         result: bool = get_tasks(requestor=sender)
-        if not result:
-            return "Failed to get tasks. Please try again."
-        return
+        with sentry_sdk.start_transaction(name="my_tasks_exec"):
+            if not result:
+                return "Failed to get tasks. Please try again."
+            return

app/main.py

@@ -1,5 +1,8 @@
 #!/usr/bin/env python3
 
+import sentry_sdk
+from sentry_sdk.integrations.stdlib import StdlibIntegration
+
 from webex_bot.webex_bot import WebexBot
 
 from app.commands.exit import ExitCommand
@@ -7,8 +10,19 @@ from app.commands.submit_task import SubmitTaskCommand
 from app.utils.config import config
 
 
+if config.sentry_enabled:
+    apm = sentry_sdk.init(
+        dsn=config.sentry_dsn,
+        enable_tracing=True,
+        environment=config.environment,
+        release=config.version,
+        integrations=[StdlibIntegration()],
+        spotlight=True
+    )
+
+
 def create_bot() -> WebexBot:
-    # Create a Bot Object
+    """Create and return a Webex Bot object."""
     webex_bot: WebexBot = WebexBot(
         bot_name=config.bot_name,
         teams_bot_token=config.webex_token,

app/utils/config.py

@@ -1,34 +1,71 @@
-#!/usr/bin/env python3
+"""Configuration module."""
 
 import os
 
 
 class Config:
+    """Configuration module."""
     def __init__(self) -> None:
+        """Configuration module."""
+        self.__environment: str = os.environ.get("APP_LIFECYCLE", "DEV").upper()
+        self.__version: str = os.environ["APP_VERSION"]
         self.__bot_name: str = os.environ["BOT_NAME"]
         self.__webex_token: str = os.environ["WEBEX_API_KEY"]
         self.__admin_first_name: str = os.environ["ADMIN_FIRST_NAME"]
         self.__admin_emails: list = os.environ["ADMIN_EMAIL"].split(",")
         self.__n8n_webhook_url: str = os.environ["N8N_WEBHOOK_URL"]
+        self.__sentry_dsn: str = os.environ.get("SENTRY_DSN", "")
+        self.__sentry_enabled: bool = bool(
+            os.environ.get("SENTRY_ENABLED", "False").upper() == "TRUE"
+            and self.__sentry_dsn != ""
+        )
+
+    @property
+    def environment(self) -> str:
+        """Returns the current app lifecycle."""
+        return self.__environment
+
+    @property
+    def version(self) -> str:
+        """Returns the current app version."""
+        return self.__version
+
+    @property
+    def sentry_enabled(self) -> bool:
+        """Returns True if Sentry SDK is enabled, else False."""
+        return self.__sentry_enabled
+
+    @property
+    def sentry_dsn(self) -> str:
+        """Returns the Sentry DSN value if Sentry SDK is enabled AND
+        Sentry DSN is set, else blank string."""
+        if not self.__sentry_enabled:
+            return ""
+        return self.__sentry_dsn
 
     @property
     def bot_name(self) -> str:
+        """Returns the bot name."""
         return self.__bot_name
 
     @property
     def webex_token(self) -> str:
+        """Returns the Webex API key."""
         return self.__webex_token
 
     @property
     def admin_first_name(self) -> str:
+        """Returns the first name of the bot admin."""
         return self.__admin_first_name
 
     @property
     def admin_emails(self) -> list:
+        """Returns a list of admin email addresses."""
         return self.__admin_emails
 
     @property
     def n8n_webhook_url(self) -> str:
+        """Returns the n8n webhook URL."""
         return self.__n8n_webhook_url
 
 

app/utils/datetime.py

@@ -1,7 +1,18 @@
 #!/usr/bin/env python3
 
 from datetime import datetime
+from zoneinfo import ZoneInfo
 
 
 def timestamp_to_date(timestamp: int) -> str:
-    return datetime.utcfromtimestamp(timestamp).strftime("%Y-%m-%d")
+    """Convert timestamp to date.
+
+    Args:
+        timestamp (int): Timestamp to convert.
+
+    Returns:
+        str: Date in the format YYYY-MM-DD.
+    """
+    return datetime.fromtimestamp(timestamp=timestamp, tz=ZoneInfo("UTC")).strftime(
+        "%Y-%m-%d"
+    )

app/utils/n8n.py

@@ -1,9 +1,18 @@
 import requests
+import sentry_sdk
 
 from app.utils.config import config
 
 
 def __n8n_post(data: dict) -> bool:
+    """Post data to N8N webhook URL.
+
+    Args:
+        data (dict): Data to post to webhook URL.
+
+    Returns:
+        bool: True if successful, else False.
+    """
     headers: dict = {"Content-Type": "application/json"}
     resp: requests.Response = requests.post(
         url=config.n8n_webhook_url,
@@ -16,22 +25,45 @@ def __n8n_post(data: dict) -> bool:
 
 
 def submit_task(summary, description, completion_date, requestor) -> bool:
-    data: dict = {
-        "requestor": requestor,
-        "title": summary,
-        "description": description,
-        "completiondate": completion_date,
-    }
-    return __n8n_post(data=data)
+    """Submit task to N8N webhook URL.
+
+    Args:
+        summary (str): Summary of task.
+        description (str): Description of task.
+        completion_date (str): Completion date of task.
+        requestor (str): Requestor of task.
+
+    Returns:
+        bool: True if successful, else False.
+    """
+    with sentry_sdk.start_transaction(name="submit_task"):
+        data: dict = {
+            "requestor": requestor,
+            "title": summary,
+            "description": description,
+            "completiondate": completion_date,
+        }
+        _data = __n8n_post(data=data)
+    return _data
 
 
 def get_tasks(requestor) -> bool:
-    headers: dict = {"Content-Type": "application/json"}
-    resp: requests.Response = requests.get(
-        url=config.n8n_webhook_url,
-        headers=headers,
-        timeout=10,
-        verify=False,
-        params={"requestor": requestor},
-    )
-    return bool(resp.status_code == 200)
+    """Get tasks from N8N webhook URL.
+
+    Args:
+        requestor (str): Requestor of tasks.
+
+    Returns:
+        bool: True if successful, else False.
+    """
+    with sentry_sdk.start_transaction(name="get_tasks"):
+        headers: dict = {"Content-Type": "application/json"}
+        resp: requests.Response = requests.get(
+            url=config.n8n_webhook_url,
+            headers=headers,
+            timeout=10,
+            verify=False,
+            params={"requestor": requestor},
+        )
+        _data = bool(resp.status_code == 200)
+    return _data

docker-compose.yml

@@ -7,4 +7,4 @@ services:
       dockerfile: Dockerfile
     restart: unless-stopped
     env_file: .env
-...
+...

requirements-dev.txt

@@ -4,3 +4,4 @@ isort
 pylint
 pylint-exit
 pytest
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

requirements.txt

@@ -1,46 +1,48 @@
 appdirs==1.4.4
-astroid==3.0.1
-attrs==23.1.0
-autopep8==2.0.4
+astroid==3.3.1
+attrs==24.2.0
+autopep8==2.3.1
 backoff==2.2.1
-certifi==2023.7.22
+certifi==2024.7.4
 cfgv==3.4.0
-charset-normalizer==3.3.1
+charset-normalizer==3.3.2
 click==8.1.7
 coloredlogs==15.0.1
-dill==0.3.7
-distlib==0.3.7
-filelock==3.12.4
-future==0.18.3
+dill==0.3.8
+distlib==0.3.8
+filelock==3.15.4
+future==1.0.0
 humanfriendly==10.0
-identify==2.5.30
-idna==3.4
+identify==2.6.0
+idna==3.7
 iniconfig==2.0.0
-lazy-object-proxy==1.9.0
+lazy-object-proxy==1.10.0
 mccabe==0.7.0
 mypy-extensions==1.0.0
-nodeenv==1.8.0
-packaging==23.2
-pathspec==0.11.2
-platformdirs==3.11.0
-pluggy==1.3.0
+nodeenv==1.9.1
+packaging==24.1
+pathspec==0.12.1
+platformdirs==4.2.2
+pluggy==1.5.0
 py==1.11.0
-pycodestyle==2.11.1
-PyJWT==2.8.0
-pyparsing==3.1.1
-python-dateutil==2.8.2
-python-dotenv==1.0.0
-PyYAML==6.0.1
-requests==2.31.0
+pycodestyle==2.12.1
+PyJWT==2.9.0
+pyparsing==3.1.2
+python-dateutil==2.9.0.post0
+python-dotenv==1.0.1
+PyYAML==6.0.2
+requests==2.32.3
 requests-toolbelt==1.0.0
+sentry-sdk==2.12.0
 six==1.16.0
 toml==0.10.2
 tomli==2.0.1
-tomlkit==0.12.1
-urllib3==2.0.7
-virtualenv==20.24.6
-webex-bot==0.4.1
+tomlkit==0.13.0
+urllib3==2.2.2
+virtualenv==20.26.3
+webex-bot==0.5.1
 webexteamssdk==1.6.1
-websockets==10.2
-wrapt==1.15.0
+websockets==11.0.3
+wrapt==1.16.0
 xmltodict==0.13.0
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

test.sh

@@ -1,3 +1,3 @@
 export $(cat .env | xargs)
 python -B -m app.main
-unset BOT_NAME WEBEX_API_KEY ADMIN_FIRST_NAME ADMIN_EMAIL N8N_WEBHOOK_URL
+unset APP_LIFECYCLE SENTRY_ENABLED SENTRY_DSN BOT_NAME WEBEX_API_KEY ADMIN_FIRST_NAME ADMIN_EMAIL N8N_WEBHOOK_URL

tests/test_config.py

@@ -6,11 +6,14 @@ import os
 
 
 vars: dict = {
+    "APP_VERSION": "dev",
     "BOT_NAME": "TestBot",
     "WEBEX_API_KEY": "testing",
     "ADMIN_FIRST_NAME": "Test",
     "ADMIN_EMAIL": "test@test.com",
     "N8N_WEBHOOK_URL": "https://n8n.test.com/webhook/abcdefg",
+    "SENTRY_ENABLED": "false",
+    "SENTRY_DSN": "http://localhost"
 }